what is nagios 'SECURITY information'?

Alex Dean alex at crackpot.org
Tue Nov 30 07:52:23 MST 2010


On Nov 29, 2010, at 3:04 PM, Jason Holtzapple wrote:

> On 11/29/2010 12:45 PM, Alex Dean wrote:
>> I have Nagios running on a local server, and I occasionally get some emails from it with the subject "*** SECURITY information for <hostname>***".  The body of the message is just a few characters.  I've done some searching in my Nagios logs and online, and I have no idea what these emails are or what they mean.
>> 
>> The latest instance was last night.  I had my local network torn apart for a few hours, and when I reconnected everything, I had about 40 of these emails waiting for me.
>> 
>> The Nagios I'm using is from Ubuntu 9.10.  I'm using only a very few HTTP, ssh, & ping monitors.  Nothing complex at all.
> 
> sudo creates emails with subjects like that if there are security
> issues, but the body of your mail is not typical of sudo. Do any of your
> nagios checks use sudo as part of the check?

Nice find.  My checks using check_ide_smart do use sudo.

define command{
        command_name    check_smartd
        command_line    /usr/bin/sudo /usr/lib/nagios/plugins/check_ide_smart -d $ARG1$ -n 
}
define service{
        use                             generic-service
        host_name                       localhost
        service_description             SMART status 2
        check_command                   check_smartd!/dev/disk/by-id/scsi-SATA_WDC_WD6401AALS-_WD-WCASY7715793
}


/etc/sudoers
  nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_ide_smart


For the example SECURITY email I sent (dated Nov 28, 21:29:59), /var/log/auth.log has a record:
Nov 28 21:29:59 artichoke sudo:   nagios : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/lib/nagios/plugins/check_ide_smart -d /dev/disk/by-id/scsi-SATA_WDC_WD6401AALS-_WD-WCASY7715793 -n

As far as I can tell, that looks normal.  The smartd checks were never in error while my network was down.  I'm only using local passwd/group/shadow files for authentication, no LDAP or yp or other external authentication service.

alex
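
Added example, not part of the original message: sudo's auth.log records put a reason (for instance "command not allowed") before the TTY= field when it refuses or flags a request, so filtering on that field separates normal runs like the one quoted above from entries where sudo recorded a problem. The function names are illustrative, and every sample line except the first is constructed.

```python
import re

# syslog prefix, then sudo's record:
#   "user : [reason ; ...] TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?P<body>.*)$"
)
KEYS = ("TTY", "PWD", "USER", "COMMAND")

def parse_sudo_line(line):
    """Parse one sudo auth.log line; return None for anything else."""
    m = SUDO_RE.match(line.strip())
    if m is None:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "user": m["user"], "reasons": []}
    # COMMAND is last and may itself contain ';', so split it off first.
    head, sep, command = m["body"].partition("COMMAND=")
    if sep:
        rec["COMMAND"] = command
    for part in head.split(";"):
        part = part.strip()
        if not part:
            continue
        key, eq, value = part.partition("=")
        if eq and key in KEYS:
            rec[key] = value
        else:
            rec["reasons"].append(part)  # free text: sudo's reason field
    return rec

def flagged(lines, user):
    """Records for `user` in which sudo logged a reason field."""
    recs = (parse_sudo_line(line) for line in lines)
    return [r for r in recs if r and r["user"] == user and r["reasons"]]

SAMPLE = [
    # From the post:
    "Nov 28 21:29:59 artichoke sudo:   nagios : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/lib/nagios/plugins/check_ide_smart -d /dev/disk/by-id/scsi-SATA_WDC_WD6401AALS-_WD-WCASY7715793 -n",
    # Constructed lines:
    "Nov 28 21:35:02 artichoke sudo:   nagios : command not allowed ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/lib/nagios/plugins/check_disk -w 10%",
    "Nov 28 21:35:02 artichoke sudo: pam_unix(sudo:session): session opened for user root by (uid=0)",
    "Nov 28 21:40:11 artichoke sudo:     alex : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alex ; USER=root ; COMMAND=/bin/ls",
]

if __name__ == "__main__":
    for rec in flagged(SAMPLE, "nagios"):
        print(rec["ts"], "; ".join(rec["reasons"]), rec.get("COMMAND", ""))
```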

